Posts Tagged ‘Google’

A study by Coverity unveils 88 flaws exposing users’ data. The study examined the publicly disclosed version of the Android kernel. Among the discovered defects in Android there where memory corruptions, memory illegal accesses and resource leaks. All mentioned defects are considered high-risk.
Coverity said it won’t release details until January. This way it allows Google and handset vendors to issue fixes.
While Android is the OS of about 26% of the smart-phones worldwide[2] and companies are supplying their employees with smart-phones for mixed business and personal use, malicious software could be deployed to extract informations from companies.

Last Friday, Google released a new security tool known as Skipfish, written by Michal Zalewski, a Polish security researcher and author of various tools and books, with contributions and feedback from Google’s information security engineering team. Skipfish aims to help web application developers secure and reveal various possible security flaws of their applications. Since web applications become more and more complex, developers need similar tools to check and validate the security of their code. Michal Zalewski wrote in a blog article, “The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation.”

Internet Explorer is again exploited by hackers. The attack, named “Aurora”, against Google and some other American companies was based on this new exploit of the Internet Explorer, announced McAfee. The exploit has already been reproduced by the Metasploit-Team, which has added the exploit to its framework.

Therefore the danger of this exploit has grown because also Script-Kiddies are able to use this exploit. The BSI recommended using another browser to not get victim of this exploit. Microsoft recommends to set the security options to “high” or to disable JavaScript on which the exploit is based.

A new effective attack against Google’s CAPTCHA mechanisms was invented by a security researcher lately. The whole attack procedure is presented in a paper that was released on Saturday. The attack is based on OCR (Optical Character Recognition) techinques that used to evade Googles’ reCAPTCHA (CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, for more information click here). reCAPTCHA is a recent security measure that Google uses so as to stop malicious scripts of doing important tasks without has been done first a specific authentication process. This process requires the sense of sight, that a computer script can’t have, so that optical puzzles can be solved first, in order to continue with the task execution.